  • Windows 7 Update and others no longer work

    Hello,

    I have found that the update function of Windows 7 Premium 64 bit as well as the Security Services no longer work.
    I did a system restore to the earliest date, but that did not solve it.

    Apologies - I was a bit too quick to send.

    The problem concerns my son's laptop.
    I let Malwarebytes and the AVS virus scanners do their thing successfully. But the updater and security services still do not work.
    Assistance would be appreciated.
    Thanks and regards - Leifoet
    Last edited by Emphyrio; 17-07-13, 13:15.

  • #2
    Hi leifoet,

    Before we begin, I would kindly like to point out the following guidelines:

    • Only log in as an administrator with full rights.
    • Do not post your problem on several forums. It does not help your problem and it is not fair to the helpers.
    • Cleaning up your system can take some time, so be patient.
    • Carefully follow the instructions that I give.
    • Follow only the advice given by me.
    • Stay with the topic until I have reported that your PC is clean.
    • If you do not know or understand something, please just ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • Do not try "something else" in the meantime; that only makes it harder for us.
    • Please turn off your emoticons (smileys) when you post logs.
    • Please do not post the logs as an attachment or between code tags.

    Note: Vista or Windows 7? >> Always run all tools as admin.
    The instructions given are valid only for your PC.

    Step 1:

    Scanning for and removing malware....


    Download MalwareBytes' Anti-Malware to your desktop from one of the following links:
    Double-click mbam-setup.exe to install the program.

    At the end of the setup procedure you get a screen where you have to click "Voltooien" (Finish).
    If you do not wish to evaluate MBAM, untick the first option and only then click "Voltooien" (Finish).

    After installation, make sure there is a check mark next to:
    • Update MalwareBytes' Anti-Malware
    • Start MalwareBytes' Anti-Malware
    • Then click "Voltooien" (Finish). If an update is found, it will be downloaded and installed.

    As soon as the program has started, go to the "Instellingen" (Settings) tab.
    • Tick here: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
    • Go to the "Updates" tab and update MBAM.
    • Then go to the "Scanner" tab and choose "VOLLEDIGE Scan" (FULL scan).
    • Then press "Scannen" (Scan) to start the scan.
    • Scanning can take a while, so be patient.
    • When the scan is complete, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
    • Make sure everything is ticked there, then click "Verwijder geselecteerde" (Remove Selected).
    • After removal a log will open and you will be asked to restart the computer.

    If MBAM asks for a restart, do so.
    When you have done the restart, run a new quick scan with MBAM.
    In that case you therefore post the two logs.

    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.


    In case of problems!!!

    ___________________________________________________________

    Step 2:

    Checking for bad toolbars...

    Note: Vista or Windows 7? >> Always run all tools as admin.
    Disable security software.

    Download AdwCleaner by Xplode to your desktop.
    • Close all open windows
    • Start AdwCleaner and click "Verwijderen" (Delete)
    • At AdwCleaner – Information click OK
    • At AdwCleaner – Restart Required click OK

    All icons disappear from the desktop; this is normal.
    Your PC will be restarted and a log file opens (C:\AdwCleaner[xx].txt); post its contents here on the forum.

    Do not forget to turn off your "smileys".

    If your start page was hijacked as well, set your search engine again; AdwCleaner resets it to Google.com by default.

    ___________________________________________________________

    Step 3:

    Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


    DDS is a diagnostic tool and makes use of scripts.
    If running scripts is disabled, enable it again so that no problems occur when using DDS.


    Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
    When it is finished, two log files open: DDS.txt and Attach.txt
    Save both log files to your desktop.

    Post the contents of DDS.txt.

    You must not post the contents of Attach.txt, and you must not add Attach.txt as an attachment to your post, unless I ask for it.

    ___________________________________________________________

    Step 4:

    Checking for updates...

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on the screen
    At the end a log appears ( checkup.txt )
    Put its contents in your next reply.

    In your next post I would like to see the following logs, made in the order given:

    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    Please do NOT post these logs as an attachment or between code tags.
    (In several posts if necessary.)

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek

    • #3
      Windows 7 Update and others no longer work

      Dear Emphyrio,

      Below you will find the requested log files.

      Step 1
      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org

      Databaseversie: v2013.07.17.04

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      DRTR :: DRTR [administrator]

      17/07/2013 16:23:42
      mbam-log-2013-07-17 (16-23-42).txt

      Scan type: Volledige scan (C:\|)
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 362342
      Verstreken tijd: 55 minuut/minuten, 50 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerwaarden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      (einde)


      Step 2
      # AdwCleaner v2.305 - Verslag gemaakt op 18/07/2013 om 02:30:20
      # Geactualiseerd op 11/07/2013 door Xplode
      # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Gebruiker : DRTR - DRTR
      # Opstarten Modus : Normale modus
      # Gelanceerd vanaf : C:\Users\DRTR\Desktop\adwcleaner.exe
      # Optie [Verwijderen]


      ***** [Diensten] *****


      ***** [Files / Mappen] *****

      Map Verwijderd : C:\Program Files (x86)\sweetpacks bundle uninstaller

      ***** [Register] *****

      Sleutel Verwijderd : HKCU\Software\Softonic
      Sleutel Verwijderd : HKCU\Software\YahooPartnerToolbar

      ***** [Browsers] *****

      -\\ Internet Explorer v9.0.8112.16421

      [OK] Het register bevat geen enkele ongeoorloofde invoer.

      *************************

      AdwCleaner[S1].txt - [781 octets] - [18/07/2013 02:30:20]

      ########## EOF - C:\AdwCleaner[S1].txt - [840 octets] ##########

      Step 3
      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 9.0.8112.16421
      Run by DRTR at 2:48:03 on 2013-07-18
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4091.2749 [GMT 2:00]
      .
      AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
      SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ===============
      .
      C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
      C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\system32\atiesrxx.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Program Files\Dell\DellDock\DockLogin.exe
      C:\Windows\system32\atieclxx.exe
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
      C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\system32\DRIVERS\o2flash.exe
      C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
      C:\Windows\system32\pnusbvirtualhubwssrv.exe
      C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
      C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
      C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\IDT\WDM\sttray64.exe
      C:\Program Files\Dell\QuickSet\quickset.exe
      C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
      C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
      C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
      C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
      C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe
      C:\Windows\SysWOW64\PNUSBCLITRAY.exe
      C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
      C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
      C:\Program Files (x86)\AVG\AVG2013\avgui.exe
      C:\Windows\SysWOW64\PNTray.exe
      C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
      C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
      C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
      C:\Windows\splwow64.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.google.be/
      uWindow Title = Telenet Internet
      uDefault_Page_URL = hxxp://www.telenet.be
      mStart Page = hxxp://www.telenet.be
      mWindow Title = Telenet Internet
      mDefault_Page_URL = hxxp://www.telenet.be
      mWinlogon: Userinit = userinit.exe,
      BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
      mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
      mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
      mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
      mRun: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
      mRun: [pnusbclitray] pnusbclitray.exe
      mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
      mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
      uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
      mPolicies-Explorer: NoActiveDesktop = dword:1
      mPolicies-Explorer: NoActiveDesktopChanges = dword:1
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
      IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
      LSP: mswsock.dll
      DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - C:\Users\DRTIAR~1\AppData\Local\Temp\f5tmp\urxvpn.cab
      DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\DRTIAR~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab
      DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://goto.monica.be/vdesk/terminal/InstallerControl.cab
      DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
      DPF: {553AAF97-E49C-11D0-A303-0040C711066C} - file:///D:/backend/DicomObjectsLight.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
      DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://goto.monica.be/vdesk/terminal/urxshost.cab
      DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\DRTIAR~1\AppData\Local\Temp\f5tmp\urxhost.cab
      DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
      TCP: NameServer = 192.168.1.1
      TCP: Interfaces\{373FF64F-EA13-4CD9-A689-E66C8229A890} : DHCPNameServer = 192.168.1.1
      TCP: Interfaces\{373FF64F-EA13-4CD9-A689-E66C8229A890}\75966496F51354 : DHCPNameServer = 192.168.1.1
      TCP: Interfaces\{373FF64F-EA13-4CD9-A689-E66C8229A890}\7796669643 : DHCPNameServer = 195.130.137.2 195.130.132.103
      TCP: Interfaces\{373FF64F-EA13-4CD9-A689-E66C8229A890}\84A5A5 : DHCPNameServer = 195.130.131.3 195.130.130.131
      Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
      SSODL: WebCheck - <orphaned>
      x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
      x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
      x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
      x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
      x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
      x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
      x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
      x64-SSODL: WebCheck - <orphaned>
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
      R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
      R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
      R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
      R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-24 55280]
      R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
      R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
      R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
      R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-5-17 93272]
      R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
      R1 NEOFLTR_710_19243;Juniper Networks TDI Filter Driver (NEOFLTR_710_19243);C:\Windows\System32\drivers\NEOFLTR_710_19243.SYS [2012-7-27 99152]
      R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-12-24 203264]
      R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
      R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
      R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
      R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]
      R2 pnpnptool;Quest RDP PnP Driver;C:\Windows\System32\drivers\pnpnptool.sys [2010-7-18 50760]
      R2 pnusbvirtualhubwssrv;Quest USB Hub Client Service;C:\Windows\System32\pnusbvirtualhubwssrv.exe [2010-7-18 501064]
      R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-12-14 2148816]
      R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2009-12-24 23912]
      R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-12-24 5435904]
      R3 O2MDGRDR;O2MDGRDR;C:\Windows\System32\drivers\o2mdgx64.sys [2009-12-24 69152]
      R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
      R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\System32\drivers\covpnv64.sys [2009-10-10 41232]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
      S3 ACSSCR;ACR38 Smart Card Reader;C:\Windows\System32\drivers\a38usb.sys [2010-2-16 44672]
      S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-12-24 172704]
      S3 f5ipfw;F5 Networks StoneWall Filter;C:\Windows\System32\drivers\urfltv64.sys [2011-4-15 18448]
      S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
      S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
      S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
      S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
      S3 pnusbd;Quest RDP USB Driver;C:\Windows\System32\drivers\pnusbd.sys [2010-7-18 37320]
      S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-24 215040]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]
      S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-31 1255736]
      .
      =============== Created Last 30 ================
      .
      2013-07-17 10:34:16 35792 ----a-w- C:\Windows\System32\TURegOpt.exe
      2013-07-17 10:34:10 27088 ----a-w- C:\Windows\System32\authuitu.dll
      2013-07-17 10:34:08 22480 ----a-w- C:\Windows\SysWow64\authuitu.dll
      2013-07-17 10:33:33 -------- d-----w- C:\Users\DRTR\AppData\Roaming\AVG
      2013-07-17 10:33:01 -------- d-----w- C:\ProgramData\AVG
      2013-07-17 10:29:28 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
      2013-07-17 10:29:28 -------- d-----w- C:\Program Files\iTunes
      2013-07-17 10:29:28 -------- d-----w- C:\Program Files\iPod
      2013-07-17 10:29:28 -------- d-----w- C:\Program Files (x86)\iTunes
      2013-07-17 10:29:04 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
      2013-07-17 10:20:57 -------- d-----w- C:\Users\DRTR\AppData\Roaming\AVG2013
      2013-07-17 10:18:04 -------- d-----w- C:\Users\DRTR\AppData\Roaming\TuneUp Software
      2013-07-17 10:16:50 -------- d--h--w- C:\$AVG
      2013-07-17 10:16:50 -------- d-----w- C:\ProgramData\AVG2013
      2013-07-17 10:15:17 -------- d-----w- C:\Program Files (x86)\AVG
      2013-07-17 10:12:42 -------- d--h--w- C:\ProgramData\Common Files
      2013-07-17 10:12:42 -------- d-----w- C:\Users\DRTR\AppData\Local\MFAData
      2013-07-17 10:12:42 -------- d-----w- C:\Users\DRTR\AppData\Local\Avg2013
      2013-07-17 10:12:42 -------- d-----w- C:\ProgramData\MFAData
      2013-07-13 17:31:04 -------- d-----w- C:\ProgramData\F-Secure
      2013-07-11 10:33:54 -------- d-----w- C:\Users\DRTR\AppData\Local\ElevatedDiagnostics
      2013-06-26 06:24:18 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55B805FB-408C-4723-A68A-76C94E684CFD}\offreg.dll
      2013-06-24 16:18:55 -------- d-----w- C:\Users\DRTR\AppData\Local\{6EE54F6F-E5BA-4F0D-AC55-72D096FA29B2}
      2013-06-22 18:39:46 -------- d-----w- C:\OutputFolder
      2013-06-22 18:39:45 -------- d-----w- C:\Users\DRTR\AppData\Roaming\Digiarty
      2013-06-22 18:32:17 -------- d-----w- C:\Users\DRTR\AppData\Local\MacGo
      2013-06-20 17:23:13 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55B805FB-408C-4723-A68A-76C94E684CFD}\mpengine.dll
      .
      ==================== Find3M ====================
      .
      2013-06-27 14:59:52 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-06-27 14:59:52 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
      .
      ============= FINISH: 2:48:43,61 ===============

      Step 4
      Results of screen317's Security Check version 0.99.69
      Windows 7 Service Pack 1 x64 (UAC is enabled)
      Internet Explorer 10
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Security Center service is not running! This report may not be accurate!
      Microsoft Security Essentials
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      AVG PC TuneUp
      AVG PC TuneUp Language Pack (nl-NL)
      AVG PC TuneUp
      Java(TM) 6 Update 24
      Java version out of Date!
      Adobe Flash Player 11.7.700.224
      Adobe Reader XI
      Google Chrome 22.0.1229.95
      ````````Process Check: objlist.exe by Laurent````````
      AVG avgwdsvc.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 2%
      ````````````````````End of Log``````````````````````

      Thanks for further checking and a solution for 'update'.
      Leifoet
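
The Security Check log in the post above can be triaged mechanically. The Python sketch below is an added example, not part of the original thread and not code from Security Check; the sample is rebuilt from the lines posted above (header rule widths normalised), and the warning keywords and the rule that a warning refers to the line before it are assumptions drawn from this one log.

```python
import re

def rule(title: str) -> str:
    """Rebuild one of Security Check's backtick-framed section headers."""
    return title.center(53, "`")

# Constructed sample: the checkup.txt lines posted in the thread above.
CHECKUP_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.69",
    "Windows 7 Service Pack 1 x64 (UAC is enabled)",
    "Internet Explorer 10",
    rule("Antivirus/Firewall Check:"),
    "Windows Security Center service is not running! "
    "This report may not be accurate!",
    "Microsoft Security Essentials",
    "Antivirus up to date!",
    rule("Anti-malware/Other Utilities Check:"),
    "AVG PC TuneUp",
    "AVG PC TuneUp Language Pack (nl-NL)",
    "AVG PC TuneUp",
    "Java(TM) 6 Update 24",
    "Java version out of Date!",
    "Adobe Flash Player 11.7.700.224",
    "Adobe Reader XI",
    "Google Chrome 22.0.1229.95",
    rule("Process Check: objlist.exe by Laurent"),
    "AVG avgwdsvc.exe",
    rule("System Health check"),
    "Total Fragmentation on Drive C: 2%",
    rule("End of Log"),
])

# A section header is a title framed by runs of backticks.
HEADER = re.compile(r"^`{3,}(.+?)`{3,}$")

# Assumption: only the two warning phrasings visible in the posted log.
WARNING_MARKERS = ("not running", "out of date")


def parse_sections(text: str) -> dict:
    """Split a Security Check log into {section name: [lines]}."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = HEADER.match(line)
        if match:
            current = match.group(1).strip().rstrip(":")
            if current == "End of Log":
                break
            sections[current] = []
            continue
        sections[current].append(line)
    return sections


def find_warnings(sections: dict) -> list:
    """Return warning lines with their section and the preceding entry.

    Assumption: a warning such as "Java version out of Date!" refers to
    the product line printed directly above it in the same section.
    """
    findings = []
    for name, lines in sections.items():
        for index, line in enumerate(lines):
            lowered = line.lower()
            if any(marker in lowered for marker in WARNING_MARKERS):
                subject = lines[index - 1] if index > 0 else None
                findings.append(
                    {"section": name, "warning": line, "subject": subject}
                )
    return findings


def triage(text: str) -> list:
    """Parse a log and return its warnings in log order."""
    return find_warnings(parse_sections(text))


if __name__ == "__main__":
    for finding in triage(CHECKUP_LOG):
        print(f"[{finding['section']}] {finding['warning']}"
              f" (refers to: {finding['subject']})")
```
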



      • #4
        You may remove Java(TM) 6 Update 24 from your PC via "Programma's en onderdelen" (Programs and Features).



        Download TFC and save it to your desktop.
        • Double-click TFC.exe to open the program.
        • The program will close all other programs, so make sure you have saved all your work before you continue.
        • Click the Start button to start the program.
        • When the program is finished, it will restart your computer.
          If this does not happen, restart your computer manually.


        _____________________________________________________________

        Download Combofix en plaats het op je bureaublad.

        KLIK HIER voor een vergroting! 

        Extra note... Make sure your security software is disabled while using Combofix.
        This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.


        Look here if you don't know how to disable your antivirus, firewall and/or antispyware scanner.


        Close ALL windows, including your browser, and let Combofix do its work undisturbed.
        So do not open any other applications until Combofix has presented the log.

        If Combofix asks for an update, allow it.

        When ComboFix has finished scanning, which may be after a reboot, a logfile (combofix.txt) opens.
        You can find it as C:\combofix.txt.

        Post the Combofix log together with a new DDS log in your next reply.

        Emphyrio
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * Remove McAfee. * Ccleaner * E-Peek



        • #5
          Dear Emphyrio,

          Small problems

          1. Cannot (technically) remove Java(TM) 6 Update 24 => error message: apparently it cannot find the location
          2. Running Combofix (the cursor kept blinking for about 1 hour after 'Voltooid Deel_48' - then the program did finish after about 1h30) - see logfile below
          => AVG was disabled for 10 minutes (apparently a bit too short)
          => Could not (technically) disable Microsoft Security Essentials and cannot change anything in it (error - the initial problem, together with 'updates')
          3. Can now no longer start Explorer - I get the following error message:
          C:\Program Files (x86)\Internet Explorer\iexplore.exe - Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die gemarkeerd is voor verwijdering.
          On closer inspection I can, among other things, no longer open any program from your checklist - so not the DDS.com saved (on the desktop) either - always the same message 'Er is geprobeerd...'
          (I do indeed see a number of (too many?) 'locks' in the logfile)

          (Combofix logfile sent in a new post - too many characters)

          What next?
          With thanks for your assistance - Leifoet
          Last edited by leifoet; 20-07-13, 10:18.



          • #6
            Dear Emphyrio,

            Below you will find, out of necessity, only the Combofix log for now - part 1

            ComboFix 13-07-18.04 - DRTR 20/07/2013 9:14.1.2 - x64
            Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4091.2878 [GMT 2:00]
            Gestart vanuit: c:\users\DRTR\Desktop\ComboFix.exe
            AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
            SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
            SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            * Nieuw herstelpunt werd aangemaakt
            .
            .
            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            c:\programdata\ldsw_0paos.pad
            c:\windows\animbigN.bmp
            c:\windows\animsmalN.bmp
            c:\windows\SysWow64\rnaph.dll
            .
            .
            (((((((((((((((((((( Bestanden Gemaakt van 2013-06-20 to 2013-07-20 ))))))))))))))))))))))))))))))
            .
            .
            2013-07-17 10:34 . 2012-12-14 09:42 35792 ----a-w- c:\windows\system32\TURegOpt.exe
            2013-07-17 10:34 . 2012-12-14 09:42 27088 ----a-w- c:\windows\system32\authuitu.dll
            2013-07-17 10:34 . 2012-12-14 09:42 22480 ----a-w- c:\windows\SysWow64\authuitu.dll
            2013-07-17 10:33 . 2013-07-17 10:33 -------- d-----w- c:\users\DRTR\AppData\Roaming\AVG
            2013-07-17 10:33 . 2013-07-17 10:34 -------- d-----w- c:\programdata\AVG
            2013-07-17 10:29 . 2013-07-17 10:30 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
            2013-07-17 10:29 . 2013-07-17 10:30 -------- d-----w- c:\program files\iTunes
            2013-07-17 10:29 . 2013-07-17 10:30 -------- d-----w- c:\program files (x86)\iTunes
            2013-07-17 10:29 . 2013-07-17 10:29 -------- d-----w- c:\program files\iPod
            2013-07-17 10:29 . 2013-07-17 10:29 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
            2013-07-17 10:18 . 2013-07-17 10:18 -------- d-----w- c:\users\DRTR\AppData\Roaming\TuneUp Software
            2013-07-17 10:16 . 2013-07-17 10:16 -------- d-----w- C:\$AVG
            2013-07-17 10:15 . 2013-07-17 10:33 -------- d-----w- c:\program files (x86)\AVG
            2013-07-17 10:12 . 2013-07-20 08:17 -------- d-----w- c:\programdata\MFAData
            2013-07-17 10:12 . 2013-07-17 10:51 -------- d-----w- c:\users\DRTR\AppData\Local\Avg2013
            2013-07-17 10:12 . 2013-07-17 10:12 -------- d--h--w- c:\programdata\Common Files
            2013-07-17 10:12 . 2013-07-17 10:12 -------- d-----w- c:\users\DRTR\AppData\Local\MFAData
            2013-07-13 17:31 . 2013-07-17 11:26 -------- d-----w- c:\programdata\F-Secure
            2013-07-11 10:33 . 2013-07-11 10:33 -------- d-----w- c:\users\DRTR\AppData\Local\ElevatedDiagnostics
            2013-07-11 09:39 . 2013-07-11 09:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe
            2013-06-26 06:24 . 2013-06-26 06:24 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55B805FB-408C-4723-A68A-76C94E684CFD}\offreg.dll
            2013-06-22 18:39 . 2013-06-22 18:39 -------- d-----w- C:\OutputFolder
            2013-06-22 18:39 . 2013-06-22 18:39 -------- d-----w- c:\users\DRTR\AppData\Roaming\Digiarty
            2013-06-22 18:32 . 2013-06-23 13:04 -------- d-----w- c:\users\DRTR\AppData\Local\MacGo
            2013-06-20 17:23 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55B805FB-408C-4723-A68A-76C94E684CFD}\mpengine.dll
            .
            .
            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2013-06-27 14:59 . 2013-02-12 08:40 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
            2013-06-27 14:59 . 2011-08-19 18:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
            2013-05-13 06:37 . 2011-10-16 18:41 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
            2013-05-10 09:33 . 2012-06-24 09:34 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
            .
            .
            ------- Sigcheck -------
            Note: Unsigned files aren't necessarily malware.
            .
            .
            [-] 2010-11-20 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7600.16385] .. c:\windows\SysWOW64\mswsock.dll
            [-] 2010-11-20 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
            .
            [-] 2010-11-20 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7600.16385] .. c:\windows\SysWOW64\netlogon.dll
            [-] 2010-11-20 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
            .
            [-] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\SysWOW64\powrprof.dll
            [-] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_a2eff4845e2bf4e2\powrprof.dll
            .
            [-] 2010-11-20 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7600.16385] .. c:\windows\SysWOW64\scecli.dll
            [-] 2010-11-20 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
            .
            [-] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\SysWOW64\sfc.dll
            [-] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll
            .
            [-] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\SysWOW64\svchost.exe
            [-] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
            .
            [-] 2010-11-20 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7600.16385] .. c:\windows\SysWOW64\tapisrv.dll
            [-] 2010-11-20 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_e54442c74334b18a\tapisrv.dll
            .
            [-] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
            [-] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
            .
            [-] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] .. c:\windows\SysWOW64\userinit.exe
            [-] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
            .
            [-] 2011-10-04 . 2C7332C222D1FE1FC57D622699A8C001 . 1126912 . . [9.00.8112.16434] .. c:\windows\SysWOW64\wininet.dll
            [-] 2011-10-04 . 2C7332C222D1FE1FC57D622699A8C001 . 1126912 . . [9.00.8112.16434] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16434_none_1a60c72dbc1ecb51\wininet.dll
            [-] 2011-06-21 . D1E7C4FA045B34C32D12BFBB415EBE1B . 981504 . . [8.00.7601.21754] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21754_none_1f0903a190553023\wininet.dll
            [-] 2011-06-21 . 748FD4CAB1AFFD90A9556EB7D5AA1FEB . 981504 . . [8.00.7601.17638] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17638_none_1e9907d67723bdd3\wininet.dll
            [-] 2011-04-22 . 7A11DB452989040AD8570A3DCE2E9DE2 . 981504 . . [8.00.7601.21710] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_1f30422990385b03\wininet.dll
            [-] 2011-04-22 . 2CA020EACDC6DDB2BEA89FEA02C90945 . 981504 . . [8.00.7601.17601] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17601_none_1eb275947711b89f\wininet.dll
            [-] 2011-03-07 . A5B19B240901CAB0C8E7767D2873613E . 981504 . . [8.00.7601.17573] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17573_none_1e68c4ce7748b1bd\wininet.dll
            [-] 2011-03-07 . EDEB2904636B657782F824D8FF97D0B8 . 981504 . . [8.00.7601.21676] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21676_none_1ef5627790639d8c\wininet.dll
            [-] 2010-11-20 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
            [-] 2010-06-30 . 250267CE6217C1AB4517F22FB7EA13E8 . 978432 . . [8.00.7600.16625] .. c:\windows\SoftwareDistribution\Download.bak\1fea1bbc166b46c1fa606132d8ac5fd3\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_1cba761279f7efa3\wininet.dll
            [-] 2010-06-30 . 91A9CCAD9829A89C840899932B9EC2DF . 980480 . . [8.00.7600.20745] .. c:\windows\SoftwareDistribution\Download.bak\1fea1bbc166b46c1fa606132d8ac5fd3\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_1d2e73059325c74f\wininet.dll
            .
            [-] 2010-11-20 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2_32.dll
            [-] 2010-11-20 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
            .
            [-] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2help.dll
            [-] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\ws2help.dll
            .
            [-] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7601.21669] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
            [-] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\explorer.exe
            [-] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7601.17567] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
            [-] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
            .
            [-] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 427008 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
            [-] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 398336 . . [6.1.7600.16385] .. c:\windows\regedit.exe
            .
            [-] 2010-11-20 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ole32.dll
            [-] 2010-11-20 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_ae2511475093798f\ole32.dll
            .
            [-] 2010-11-20 . 804AAAFEBB3AD5F49334DD906BCB1DE5 . 626176 . . [1.0626.7601.17514] .. c:\windows\SysWOW64\usp10.dll
            [-] 2010-11-20 . 804AAAFEBB3AD5F49334DD906BCB1DE5 . 626176 . . [1.0626.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_af01e2f9b6be7939\usp10.dll
            .
            [-] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ksuser.dll
            [-] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_ea090647f58e5d9c\ksuser.dll
            .
            [-] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ctfmon.exe
            [-] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
            .
            [-] 2010-11-20 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7600.16385] .. c:\windows\SysWOW64\shsvcs.dll
            [-] 2010-11-20 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_35ab0ceb67ede31e\shsvcs.dll
            .
            [-] 2009-07-14 . 18AB2E5A40064ED5F7791AC5946A90F3 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\msimg32.dll
            [-] 2009-07-14 . 18AB2E5A40064ED5F7791AC5946A90F3 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_77422e3e7d5fa732\msimg32.dll
            .
            [-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cngaudit.dll
            [-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
            .
            [-] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\SysWOW64\wininit.exe
            [-] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
            .
            [-] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ias.dll
            [-] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7601.17514_none_fb08448fa0c85c23\ias.dll
            .
            [-] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6140] .. c:\windows\SysWOW64\mfc40u.dll
            [-] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6151] .. c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll
            .
            [-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\SysWOW64\upnphost.dll
            [-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_2831d06e8295c671\upnphost.dll
            .
            [-] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] .. c:\windows\SysWOW64\dsound.dll
            [-] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_5872147ba3367471\dsound.dll
            .
            [-] 2010-11-20 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] .. c:\windows\SysWOW64\d3d9.dll
            [-] 2010-11-20 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_c454d690bf084f04\d3d9.dll
            .
            [-] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ddraw.dll
            [-] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_04dbf9102154d42e\ddraw.dll
            .
            [-] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] .. c:\windows\SysWOW64\olepro32.dll
            [-] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll
            .
            [-] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] .. c:\windows\SysWOW64\perfctrs.dll
            [-] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_97bcd9bcab2b9b3a\perfctrs.dll
            .
            [-] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] .. c:\windows\SysWOW64\version.dll
            [-] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll
            .
            [-] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] .. c:\windows\SysWOW64\midimap.dll
            [-] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_8cd41e2771e37717\midimap.dll
            .
            [-] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] .. c:\windows\SysWOW64\rasadhlp.dll
            [-] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_76239aafb364e805\rasadhlp.dll
            .
            [-] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7601.17514] .. c:\windows\SysWOW64\WSHTCPIP.DLL
            [-] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_cb895be592db1acb\WSHTCPIP.DLL



            • #7
              ComboFix log file - part 2

              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
              REGEDIT4
              .
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
              "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
              "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
              "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
              "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
              "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
              "beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]
              "pnusbclitray"="pnusbclitray.exe" [2010-04-14 67560]
              "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
              "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
              "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
              "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-05-23 371896]
              "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-12-12 655360]
              "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
              "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
              .
              c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "ConsentPromptBehaviorAdmin"= 5 (0x5)
              "ConsentPromptBehaviorUser"= 3 (0x3)
              "EnableUIADesktopToggle"= 0 (0x0)
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
              "AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
              @=""
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
              "DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "c:\programdata\Nuance\NaturallySpeaking10\Ereg.ini
              "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
              .
              R1 lvzhmtrs;lvzhmtrs;c:\windows\system32\drivers\lvzhmtrs.sys;c:\windows\SYSNATIVE\drivers\lvzhmtrs.sys [x]
              R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
              R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys;c:\windows\SYSNATIVE\DRIVERS\a38usb.sys [x]
              R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
              R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys;c:\windows\SYSNATIVE\drivers\urfltv64.sys [x]
              R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
              R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
              R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
              R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
              R3 pnusbd;Quest RDP USB Driver;c:\windows\system32\Drivers\pnusbd.sys;c:\windows\SYSNATIVE\Drivers\pnusbd.sys [x]
              R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
              R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
              R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
              S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
              S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
              S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
              S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
              S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
              S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
              S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
              S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
              S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
              S1 NEOFLTR_710_19243;Juniper Networks TDI Filter Driver (NEOFLTR_710_19243);c:\windows\system32\Drivers\NEOFLTR_710_19243.SYS;c:\windows\SYSNATIVE\Drivers\NEOFLTR_710_19243.SYS [x]
              S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
              S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
              S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
              S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
              S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
              S2 pnpnptool;Quest RDP PnP Driver;c:\windows\system32\Drivers\pnpnptool.sys;c:\windows\SYSNATIVE\Drivers\pnpnptool.sys [x]
              S2 pnusbvirtualhubwssrv;Quest USB Hub Client Service;c:\windows\system32\pnusbvirtualhubwssrv.exe;c:\windows\SYSNATIVE\pnusbvirtualhubwssrv.exe [x]
              S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
              S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x]
              S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5v64.sys [x]
              S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdgx64.sys [x]
              S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
              S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys;c:\windows\SYSNATIVE\DRIVERS\covpnv64.sys [x]
              .
              .
              --- Andere Services/Drivers In Geheugen ---
              .
              *NewlyCreated* - WS2IFSL
              .
              Inhoud van de 'Gedeelde Taken' map
              .
              2013-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
              - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-12 14:59]
              .
              2013-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc9738714475e7.job
              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-04 15:52]
              .
              2013-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc973872374243.job
              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-04 15:52]
              .
              .
              --------- X64 Entries -----------
              .
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
              "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
              "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
              .
              ------- Bijkomende Scan -------
              .
              uLocal Page = c:\windows\system32\blank.htm
              uStart Page = hxxp://www.google.be/
              mDefault_Page_URL = hxxp://www.telenet.be
              mStart Page = hxxp://www.telenet.be
              mLocal Page = c:\windows\SysWOW64\blank.htm
              mWindow Title = Telenet Internet
              uInternet Settings,ProxyOverride = *.local
              IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
              IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
              TCP: DhcpNameServer = 192.168.1.1
              DPF: {553AAF97-E49C-11D0-A303-0040C711066C} - file:///D:/backend/DicomObjectsLight.cab
              .
              - - - - ORPHANS VERWIJDERD - - - -
              .
              Toolbar-Locked - (no file)
              Wow6432Node-HKLM-Run-<NO NAME> - (no file)
              SafeBoot-MsMpSvc
              Toolbar-Locked - (no file)
              HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
              .
              .
              .
              --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
              .
              [HKEY_USERS\S-1-5-21-2836375764-1994310032-2609680467-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
              @Denied: (2) (LocalSystem)
              "Progid"="WindowsLiveMail.Email.1"
              .
              [HKEY_USERS\S-1-5-21-2836375764-1994310032-2609680467-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
              @Denied: (2) (LocalSystem)
              "Progid"="WindowsLiveMail.VCard.1"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe ,-101"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
              @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker5"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe ,-101"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Shockwave Flash Object"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
              @="0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
              @="ShockwaveFlash.ShockwaveFlash.11"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="ShockwaveFlash.ShockwaveFlash"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Macromedia Flash Factory Object"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
              @="FlashFactory.FlashFactory.1"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="FlashFactory.FlashFactory"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker5"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\McAfee]
              "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
              00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
              .
              [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
              @Denied: (Full) (Everyone)
              .
              ------------------------ Andere Aktieve Processen ------------------------
              .
              c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
              c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              c:\windows\system32\DRIVERS\o2flash.exe
              c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
              c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
              c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
              c:\program files (x86)\AVG\AVG PC TuneUp\OneClick.exe
              .
              **************************************************************************
              .
              Voltooingstijd: 2013-07-20 10:37:59 - machine werd herstart
              ComboFix-quarantined-files.txt 2013-07-20 08:37
              .
              Pre-Run: 421.497.544.704 bytes beschikbaar
              Post-Run: 421.050.417.152 bytes beschikbaar
              .
              - - End Of File - - 2349B467A5CCE51A76476EC932D5B731
              5C616939100B85E558DA92B899A0FC36



              • #8
                Restart the PC, then post the DDS log.
                Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                E Dev * Remove McAfee. * Ccleaner * E-Peek



                • #9
                  Dear Emphyrio,

                  Below you will find the requested DDS log file.

                  After the requested (re)start of the laptop I get the following error message:
                  'This version of Windows is not genuine - Security Essentials has been disabled.'
                  I am surprised, given that this computer was purchased from DELL - in my opinion a (legitimate) company that sells legal software... ?

                  DDS (Ver_2012-11-20.01) - NTFS_AMD64
                  Internet Explorer: 9.0.8112.16421
                  Run by DRTR at 13:15:59 on 2013-07-20
                  Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4091.2612 [GMT 2:00]
                  .
                  AV: AVG Anti-Virus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
                  SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                  SP: AVG Anti-Virus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
                  .
                  ============== Running Processes ===============
                  .
                  C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
                  C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
                  C:\Windows\system32\lsm.exe
                  C:\Windows\system32\svchost.exe -k DcomLaunch
                  C:\Windows\system32\svchost.exe -k RPCSS
                  C:\Windows\system32\atiesrxx.exe
                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                  C:\Windows\system32\svchost.exe -k netsvcs
                  C:\Windows\system32\svchost.exe -k LocalService
                  C:\Program Files\Dell\DellDock\DockLogin.exe
                  C:\Windows\system32\svchost.exe -k NetworkService
                  C:\Windows\system32\atieclxx.exe
                  C:\Windows\System32\spoolsv.exe
                  C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                  C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                  C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
                  C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
                  C:\Program Files\Bonjour\mDNSResponder.exe
                  C:\Windows\system32\DRIVERS\o2flash.exe
                  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
                  C:\Windows\system32\pnusbvirtualhubwssrv.exe
                  C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
                  C:\Windows\system32\svchost.exe -k imgsvc
                  C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
                  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
                  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                  C:\Windows\system32\Dwm.exe
                  C:\Windows\Explorer.EXE
                  C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
                  C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
                  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  C:\Program Files\IDT\WDM\sttray64.exe
                  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
                  C:\Program Files\Microsoft Security Client\msseces.exe
                  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
                  C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
                  C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
                  C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
                  c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
                  C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
                  C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe
                  C:\Windows\SysWOW64\PNUSBCLITRAY.exe
                  C:\Windows\SysWOW64\PNTray.exe
                  C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
                  C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
                  C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
                  C:\Program Files (x86)\AVG\AVG2013\avgui.exe
                  C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
                  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
                  C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
                  C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                  C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
                  C:\Windows\splwow64.exe
                  C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
                  C:\Program Files\Windows Media Player\wmpnetwk.exe
                  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
                  C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
                  C:\Program Files (x86)\Internet Explorer\iexplore.exe
                  C:\Program Files (x86)\Internet Explorer\iexplore.exe
                  C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
                  C:\Program Files (x86)\Internet Explorer\iexplore.exe
                  C:\Windows\system32\SearchIndexer.exe
                  C:\Windows\system32\wbem\wmiprvse.exe
                  C:\Windows\System32\cscript.exe
                  .
                  ============== Pseudo HJT Report ===============
                  .
                  uStart Page = hxxp://www.google.be/
                  mStart Page = hxxp://www.telenet.be
                  mWindow Title = Telenet Internet
                  mDefault_Page_URL = hxxp://www.telenet.be
                  BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                  BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
                  BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
                  uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                  mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
                  mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
                  mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
                  mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
                  mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
                  mRun: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
                  mRun: [pnusbclitray] pnusbclitray.exe
                  mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
                  mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
                  mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                  mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
                  mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
                  mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                  mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
                  uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
                  uPolicies-Explorer: NoDrives = dword:0
                  mPolicies-Explorer: NoDrives = dword:0
                  mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                  mPolicies-System: ConsentPromptBehaviorUser = dword:3
                  mPolicies-System: EnableUIADesktopToggle = dword:0
                  IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
                  IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
                  IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                  IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
                  IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
                  DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - C:\Users\DRTIAR~1\AppData\Local\Temp\f5tmp\urxvpn.cab
                  DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\DRTIAR~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab
                  DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://goto.monica.be/vdesk/terminal/InstallerControl.cab
                  DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
                  DPF: {553AAF97-E49C-11D0-A303-0040C711066C} - file:///D:/backend/DicomObjectsLight.cab
                  DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
                  DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
                  DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
                  DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://goto.monica.be/vdesk/terminal/urxshost.cab
                  DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\DRTIAR~1\AppData\Local\Temp\f5tmp\urxhost.cab
                  DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
                  TCP: NameServer = 192.168.1.1
                  TCP: Interfaces\{373FF64F-EA13-4CD9-A689-E66C8229A890} : DHCPNameServer = 192.168.1.1
                  TCP: Interfaces\{373FF64F-EA13-4CD9-A689-E66C8229A890}\75966496F51354 : DHCPNameServer = 192.168.1.1
                  TCP: Interfaces\{373FF64F-EA13-4CD9-A689-E66C8229A890}\7796669643 : DHCPNameServer = 195.130.137.2 195.130.132.103
                  TCP: Interfaces\{373FF64F-EA13-4CD9-A689-E66C8229A890}\84A5A5 : DHCPNameServer = 195.130.131.3 195.130.130.131
                  Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                  Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                  Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                  Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                  Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                  Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                  Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                  Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                  Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                  Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                  Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                  Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                  Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                  Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                  Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                  Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                  Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                  AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
                  SSODL: WebCheck - <orphaned>
                  x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
                  x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
                  x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
                  x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
                  x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
                  x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
                  x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                  x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                  x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                  x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                  x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                  x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                  x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                  x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                  x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                  x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                  x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                  x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                  x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                  x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                  x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                  x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                  x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                  x64-SSODL: WebCheck - <orphaned>
                  .
                  ============= SERVICES / DRIVERS ===============
                  .
                  R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
                  R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
                  R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
                  R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
                  R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-24 55280]
                  R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
                  R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
                  R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
                  R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-5-17 93272]
                  R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
                  R1 NEOFLTR_710_19243;Juniper Networks TDI Filter Driver (NEOFLTR_710_19243);C:\Windows\System32\drivers\NEOFLTR_710_19243.SYS [2012-7-27 99152]
                  R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-12-24 203264]
                  R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
                  R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
                  R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
                  R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]
                  R2 pnpnptool;Quest RDP PnP Driver;C:\Windows\System32\drivers\pnpnptool.sys [2010-7-18 50760]
                  R2 pnusbvirtualhubwssrv;Quest USB Hub Client Service;C:\Windows\System32\pnusbvirtualhubwssrv.exe [2010-7-18 501064]
                  R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-12-14 2148816]
                  R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2009-12-24 23912]
                  R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-12-24 5435904]
                  R3 O2MDGRDR;O2MDGRDR;C:\Windows\System32\drivers\o2mdgx64.sys [2009-12-24 69152]
                  R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
                  R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\System32\drivers\covpnv64.sys [2009-10-10 41232]
                  S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                  S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
                  S3 ACSSCR;ACR38 Smart Card Reader;C:\Windows\System32\drivers\a38usb.sys [2010-2-16 44672]
                  S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-12-24 172704]
                  S3 f5ipfw;F5 Networks StoneWall Filter;C:\Windows\System32\drivers\urfltv64.sys [2011-4-15 18448]
                  S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
                  S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
                  S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
                  S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
                  S3 pnusbd;Quest RDP USB Driver;C:\Windows\System32\drivers\pnusbd.sys [2010-7-18 37320]
                  S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-24 215040]
                  S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]
                  S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-31 1255736]
                  .
                  =============== Created Last 30 ================
                  .
                  2013-07-20 08:25:38 -------- d-----w- C:\$RECYCLE.BIN
                  2013-07-20 07:09:57 98816 ----a-w- C:\Windows\sed.exe
                  2013-07-20 07:09:57 256000 ----a-w- C:\Windows\PEV.exe
                  2013-07-20 07:09:57 208896 ----a-w- C:\Windows\MBR.exe
                  2013-07-17 10:34:16 35792 ----a-w- C:\Windows\System32\TURegOpt.exe
                  2013-07-17 10:34:10 27088 ----a-w- C:\Windows\System32\authuitu.dll
                  2013-07-17 10:34:08 22480 ----a-w- C:\Windows\SysWow64\authuitu.dll
                  2013-07-17 10:33:33 -------- d-----w- C:\Users\DRTR\AppData\Roaming\AVG
                  2013-07-17 10:33:01 -------- d-----w- C:\ProgramData\AVG
                  2013-07-17 10:29:28 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
                  2013-07-17 10:29:28 -------- d-----w- C:\Program Files\iTunes
                  2013-07-17 10:29:28 -------- d-----w- C:\Program Files\iPod
                  2013-07-17 10:29:28 -------- d-----w- C:\Program Files (x86)\iTunes
                  2013-07-17 10:29:04 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
                  2013-07-17 10:20:57 -------- d-----w- C:\Users\DRTR\AppData\Roaming\AVG2013
                  2013-07-17 10:18:04 -------- d-----w- C:\Users\DRTR\AppData\Roaming\TuneUp Software
                  2013-07-17 10:16:50 -------- d-----w- C:\ProgramData\AVG2013
                  2013-07-17 10:16:50 -------- d-----w- C:\$AVG
                  2013-07-17 10:15:17 -------- d-----w- C:\Program Files (x86)\AVG
                  2013-07-17 10:12:42 -------- d--h--w- C:\ProgramData\Common Files
                  2013-07-17 10:12:42 -------- d-----w- C:\Users\DRTR\AppData\Local\MFAData
                  2013-07-17 10:12:42 -------- d-----w- C:\Users\DRTR\AppData\Local\Avg2013
                  2013-07-17 10:12:42 -------- d-----w- C:\ProgramData\MFAData
                  2013-07-13 17:31:04 -------- d-----w- C:\ProgramData\F-Secure
                  2013-07-11 10:33:54 -------- d-----w- C:\Users\DRTR\AppData\Local\ElevatedDiagnostics
                  2013-06-26 06:24:18 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55B805FB-408C-4723-A68A-76C94E684CFD}\offreg.dll
                  2013-06-24 16:18:55 -------- d-----w- C:\Users\DRTR\AppData\Local\{6EE54F6F-E5BA-4F0D-AC55-72D096FA29B2}
                  2013-06-22 18:39:46 -------- d-----w- C:\OutputFolder
                  2013-06-22 18:39:45 -------- d-----w- C:\Users\DRTR\AppData\Roaming\Digiarty
                  2013-06-22 18:32:17 -------- d-----w- C:\Users\DRTR\AppData\Local\MacGo
                  2013-06-20 17:23:13 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55B805FB-408C-4723-A68A-76C94E684CFD}\mpengine.dll
                  .
                  ==================== Find3M ====================
                  .
                  2013-06-27 14:59:52 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                  2013-06-27 14:59:52 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                  .
                  ============= FINISH: 13:16:12,23 ===============

                  What is the next step?
                  Thanks and regards,
                  Leifoet



                  • #10
                    There is indeed something amiss.
                    .
                    • Download PC Info to your desktop.
                    • Unzip it and click SetupPC Info.
                    • Go through the installation process.

                    .
                    Double-click PC Info.
                    The scan now starts...
                    After the scan, select the tab: Logs
                    Then tick only these items:
                    .
                    • Software
                    • Hardware
                    • Software Installed List
                    • Startup List
                    • Running Processes
                    • Expert Mode
                    • Sig Check
                    • Registry Scan
                    • Services

                    .
                    Now click 'Create a log', then copy and paste it into your next post.


                    • #11
                      Dear Emphyrio,

                      Below you will find the PC Info log.
                      I could not tick 'Sig Check'.
                      Regards - Leifoet

                      PC Info vs 2.0.1.5 © 2011-2013 Onsia Patrick (Emphyrio)
                      20/7/2013 17:16:31
                      Boot Status: Normal boot

                      ==================== OS INFO ====================================

                      OS version : Windows 7
                      Edition : Home Premium
                      Service Pack : 1
                      Build version : 6.1.7601.65536
                      Windows OS Bits : 64 *

                      Update detected : 2011-10-05 07:35:42
                      Update downloaded : 2011-10-05 07:37:40
                      Update installed : 2011-10-04 14:46:52

                      ==================== GENERAL INFO ===============================

                      Windows Directory : C:\Windows
                      User Profile : C:\Users\DRTR
                      Java Version : 1.6.0_14
                      Antivirus : AVG Anti-Virus 2013 [Updated - Running ]
                      Anti Spam : AVG Anti-Virus 2013 [Updated - Running ]
                      Firewall : Windows Firewall

                      ==================== HARDWARE ===================================

                      GenuineIntel Intel64 Family 6 Model 23 Stepping 10
                      Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz

                      Mainboard : Dell Inc.

                      Model : Studio 1745

                      Bios Version : A02 (Dell Inc.)

                      RAM Present : 4091 MB / 4 GB
                      RAM Free : 2507 Mb ( 61 % Free )

                      Videocard : ATI Mobility Radeon HD 4650
                      Memory : 1024Mb
                      Driver version : 8.631.0.0

                      ==================== APP LIST ===================================

                      C:\ Fixed - OS - NTFS - 451 Gb (Free : 401468 Mb / 392 Gb )

                      ==================== INSTALLED SOFTWARE LIST ====================


                      Update for Microsoft Office 2007 (KB2508958)
                      Adobe AIR 3.5.0.880
                      Adobe Flash Player 11 ActiveX 11.7.700.224
                      Adobe Flash Player 11 Plugin 11.7.700.224
                      Adobe Reader XI (11.0.02) - Nederlands 11.0.02
                      Advanced Audio FX Engine 1.12.05
                      Apple Application Support 2.3.4
                      Apple Mobile Device Support 6.1.0.13
                      Apple Software Update 2.1.3.127
                      ATI Catalyst Control Center 2.009.0625.1811
                      AVG 2013 13.0.2904
                      AVG 2013 13.0.3204
                      AVG 2013 2013.0.2904
                      AVG PC TuneUp 12.0.4010.19
                      AVG PC TuneUp Language Pack (nl-NL) 12.0.4010.19
                      Belgium e-ID middleware 3.5.3 (build 6193) 3.5.6193
                      Bonjour 3.0.0.10
                      Catalyst Control Center - Branding 1.00.0000
                      Catalyst Control Center Core Implementation 2009.0625.1812.30825
                      Catalyst Control Center Graphics Full Existing 2009.0625.1812.30825
                      Catalyst Control Center Graphics Full New 2009.0625.1812.30825
                      Catalyst Control Center Graphics Light 2009.0625.1812.30825
                      Catalyst Control Center Graphics Previews Common 2009.0625.1812.30825
                      Catalyst Control Center Graphics Previews Vista 2009.0625.1812.30825
                      Catalyst Control Center InstallProxy 2009.0625.1812.30825
                      Catalyst Control Center Localization All 2009.0625.1812.30825
                      ccc-core-static 2009.0625.1812.30825
                      ccc-utility64 2009.0625.1812.30825
                      CCC Help Chinese Standard 2009.0625.1811.30825
                      CCC Help Chinese Traditional 2009.0625.1811.30825
                      CCC Help Danish 2009.0625.1811.30825
                      CCC Help Dutch 2009.0625.1811.30825
                      CCC Help English 2009.0625.1811.30825
                      CCC Help Finnish 2009.0625.1811.30825
                      CCC Help French 2009.0625.1811.30825
                      CCC Help German 2009.0625.1811.30825
                      CCC Help Italian 2009.0625.1811.30825
                      CCC Help Japanese 2009.0625.1811.30825
                      CCC Help Korean 2009.0625.1811.30825
                      CCC Help Norwegian 2009.0625.1811.30825
                      CCC Help Portuguese 2009.0625.1811.30825
                      CCC Help Russian 2009.0625.1811.30825
                      CCC Help Spanish 2009.0625.1811.30825
                      CCC Help Swedish 2009.0625.1811.30825
                      CCleaner 4.00
                      Citrix Authentication Manager 2.0.0.41479
                      Citrix Receiver 13.1.201.3
                      Citrix Receiver (HDX Flash Redirection) 13.1.201.3
                      Citrix Receiver Inside 3.2.0.5844
                      Citrix Receiver(Aero) 13.1.201.3
                      Citrix Receiver(DV) 13.1.201.3
                      Citrix Receiver(USB) 13.1.201.3
                      D3DX10 15.4.2368.0902
                      Dell Dock 2.0.0
                      Dell Edoc Viewer 1.0.0
                      Dell Getting Started Guide 1.00.0000
                      Dell Support Center (Support Software) 2.5.09100
                      Dell Webcam Central 1.40.05
                      Dragon NaturallySpeaking 10 10.10.400
                      Google Earth Plug-in 7.0.3.8542
                      Google Update Helper 1.3.21.153
                      HTC BMP USB Driver 1.0.5375
                      HTC Driver Installer 4.0.1.001
                      HTC Sync 3.3.21
                      Intel® Matrix Storage Manager
                      IPTInstaller 4.0.8
                      iTunes 11.0.4.4
                      Java(TM) 6 Update 14 (64-bit) 6.0.140
                      Java(TM) 6 Update 24 6.0.240
                      Juniper Networks Secure Application Manager 7.1.0.19243
                      Juniper Networks Setup Client Activex Control 2.1.1.1
                      Junk Mail filter update 15.4.3502.0922
                      Live! Cam Avatar Creator 4.6.3009.1
                      Malwarebytes Anti-Malware versie 1.75.0.1300 1.75.0.1300
                      Microsoft .NET Framework 1.1
                      Microsoft .NET Framework 1.1 1.1.4322
                      Microsoft .NET Framework 1.1 Hotfix (KB899511)
                      Microsoft .NET Framework 4 Client Profile 4.0.30319
                      Microsoft .NET Framework 4 Client Profile NLD Language Pack 4.0.30319
                      Microsoft Antimalware 3.0.8402.2
                      Microsoft Antimalware Service NL-NL Language Pack 3.0.8402.2
                      Microsoft Application Error Reporting 12.0.6015.5000
                      Microsoft Office 2007 Service Pack 2 (SP2)
                      Microsoft Office Converter Pack 11.0.0.0
                      Microsoft Office Excel MUI (Dutch) 2007 12.0.6425.1000
                      Microsoft Office File Validation Add-In 14.0.5130.5003
                      Microsoft Office Home and Student 2007 12.0.6425.1000
                      Microsoft Office Office 64-bit Components 2007 12.0.6425.1000
                      Microsoft Office OneNote MUI (Dutch) 2007 12.0.6425.1000
                      Microsoft Office PowerPoint MUI (Dutch) 2007 12.0.6425.1000
                      Microsoft Office Proof (Dutch) 2007 12.0.6425.1000
                      Microsoft Office Proof (English) 2007 12.0.6425.1000
                      Microsoft Office Proof (French) 2007 12.0.6425.1000
                      Microsoft Office Proof (German) 2007 12.0.6425.1000
                      Microsoft Office Proofing (Dutch) 2007 12.0.4518.1017
                      Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
                      Microsoft Office Shared 64-bit MUI (Dutch) 2007 12.0.6425.1000
                      Microsoft Office Shared MUI (Dutch) 2007 12.0.6425.1000
                      Microsoft Office Word MUI (Dutch) 2007 12.0.6425.1000
                      Microsoft Search Enhancement Pack 3.0.133.0
                      Microsoft Security Client 2.1.1116.0
                      Microsoft Security Client NL-NL Language Pack 2.1.1116.0
                      Microsoft Security Essentials 2.1.1116.0
                      Microsoft Silverlight 4.0.60531.0
                      Microsoft SQL Server 2005 Compact Edition [ENU] 3.1.0000
                      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 8.0.50727.4053
                      Microsoft Visual C++ 2005 Redistributable - KB2467175 8.0.51011
                      Microsoft Visual C++ 2005 Redistributable 8.0.58299
                      Microsoft Visual C++ 2005 Redistributable 8.0.61001
                      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 9.0.30729
                      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 9.0.30729
                      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161
                      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219
                      MSVCRT 15.4.2862.0708
                      MSVCRT_amd64 15.4.2862.0708
                      MSXML 4.0 SP2 (KB954430) 4.20.9870.0
                      MSXML 4.0 SP2 (KB973688) 4.20.9876.0
                      MSXML 4.0 SP3 Parser 4.30.2100.0
                      Online Plug-in 13.1.201.3
                      PC Info 2.0.15
                      Philips Device Control Center 2.7.240.15
                      PowerDVD DX 8.3.5424
                      Quickset64 9.6.6
                      Roxio Burn 1.01
                      Security Update for 2007 Microsoft Office System (KB2288621)
                      Security Update for 2007 Microsoft Office System (KB2288931)
                      Security Update for 2007 Microsoft Office System (KB2345043)
                      Security Update for 2007 Microsoft Office System (KB2553074)
                      Security Update for 2007 Microsoft Office System (KB2553089)
                      Security Update for 2007 Microsoft Office System (KB2553090)
                      Security Update for 2007 Microsoft Office System (KB2584063)
                      Security Update for 2007 Microsoft Office System (KB969559)
                      Security Update for 2007 Microsoft Office System (KB976321)
                      Security Update for CAPICOM (KB931906) 2.1.0.2
                      Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) 1
                      Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) 1
                      Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) 1
                      Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) 1
                      Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) 1
                      Security Update for Microsoft Office Excel 2007 (KB2553073)
                      Security Update for Microsoft Office InfoPath 2007 (KB979441)
                      Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
                      Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
                      Security Update for Microsoft Office system 2007 (972581)
                      Security Update for Microsoft Office system 2007 (KB974234)
                      Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
                      Security Update for Microsoft Office Word 2007 (KB2344993)
                      Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663) 1
                      Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870) 1
                      Self-service Plug-in 3.2.0.24226
                      Skins 2009.0625.1812.30825
                      Synaptics Pointing Device Driver 13.2.2.2
                      Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD 4.0.30319
                      Update for 2007 Microsoft Office System (KB2284654)
                      Update for 2007 Microsoft Office System (KB967642)
                      Update for Microsoft .NET Framework 4 Client Profile (KB2468871) 1
                      Update for Microsoft .NET Framework 4 Client Profile (KB2473228) 1
                      Update for Microsoft .NET Framework 4 Client Profile (KB2533523) 1
                      Update for Microsoft Office 2007 System (KB2539530)
                      Update for Microsoft Office OneNote 2007 (KB980729)
                      Update voor Microsoft Office Excel 2007 Help (KB963678)
                      Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
                      Update voor Microsoft Office Word 2007 Help (KB963665)
                      Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) 10.20.200
                      Visual Studio 2010 x64 Redistributables 13.0.0.1
                      vWorkspace Web Client 7.1.358
                      Windows Live Communications Platform 15.4.3502.0922
                      Windows Live Essentials 15.4.3502.0922
                      Windows Live Essentials 15.4.3555.0308
                      Windows Live ID Sign-in Assistant 7.250.4232.0
                      Windows Live Installer 15.4.3502.0922
                      Windows Live Language Selector 15.4.3555.0308
                      Windows Live Mail 15.4.3502.0922
                      Windows Live Messenger 15.4.3538.0513
                      Windows Live MIME IFilter 15.4.3502.0922
                      Windows Live Movie Maker 15.4.3502.0922
                      Windows Live Photo Common 15.4.3502.0922
                      Windows Live Photo Gallery 15.4.3502.0922
                      Windows Live PIMT Platform 15.4.3508.1109
                      Windows Live SOXE 15.4.3502.0922
                      Windows Live SOXE Definitions 15.4.3502.0922
                      Windows Live Sync 14.0.8089.726
                      Windows Live UX Platform 15.4.3502.0922
                      Windows Live UX Platform Language Pack 15.4.3508.1109
                      Windows Live Writer 15.4.3502.0922
                      Windows Live Writer Resources 15.4.3502.0922

                      ==================== STARTUP LIST Enabled========================

                      ------- Local 32/64 HKLM DRTR------------

                      StartCCC : "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
                      PDVDDXSrv : "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
                      Dell Webcam Central : "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
                      Desktop Disc Tool : "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
                      DellSupportCenter : "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
                      beid : "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
                      pnusbclitray : pnusbclitray.exe
                      :
                      SSBkgdUpdate : "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
                      ISUSScheduler : "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
                      APSDaemon : "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                      ConnectionCenter : "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
                      HTC Sync Loader : "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
                      Adobe ARM : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                      AVG_UI : "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

                      ------- Local [HKLM] DRTR------------

                      SynTPEnh : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                      SysTrayApp : C:\Program Files\IDT\WDM\sttray64.exe
                      IAAnotif : C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
                      MSC : "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

                      ------- Current User [HKCU] DRTR------------

                      ISUSPM Startup : C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup


                      ==================== RUNNING PROCESSES ==========================

                      RoxioBurnLauncher ID = 3920 Path: C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
                      htcUPCTLoader ID = 3328 Path: C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
                      WebcamDell2 ID = 3908 Path: C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
                      PDVDDXSrv ID = 3884 Path: C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
                      sttray64 ID = 3488 Path: C:\Program Files\IDT\WDM\sttray64.exe
                      CCC ID = 4272 Path: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
                      iexplore ID = 4468 Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
                      MOM ID = 3940 Path: c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
                      SynTPHelper ID = 3856 Path: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
                      msseces ID = 3652 Path: C:\Program Files\Microsoft Security Client\msseces.exe
                      csrss ID = 696 Path: C:\Windows\system32\csrss.exe
                      PNUSBCLITRAY ID = 4044 Path: C:\Windows\SysWOW64\PNUSBCLITRAY.exe
                      SynTPEnh ID = 3452 Path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                      explorer ID = 2856 Path: C:\Windows\Explorer.EXE
                      concentr ID = 3052 Path: C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
                      iexplore ID = 2456 Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
                      splwow64 ID = 5080 Path: C:\Windows\splwow64.exe
                      SelfServicePlugin ID = 4604 Path: C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
                      pntray ID = 2824 Path: C:\Windows\SysWOW64\PNTray.exe
                      atieclxx ID = 1444 Path: C:\Windows\system32\atieclxx.exe
                      Receiver ID = 852 Path: C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
                      iexplore ID = 4984 Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
                      beid35gui ID = 3992 Path: C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe
                      issch ID = 3096 Path: C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
                      IAAnotif ID = 3532 Path: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
                      dwm ID = 2792 Path: C:\Windows\system32\Dwm.exe
                      TuneUpUtilitiesApp64 ID = 4168 Path: C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
                      PC Info ID = 5184 Path: C:\Program Files (x86)\E Dev\PC Info\PC Info.exe
                      winlogon ID = 808 Path: C:\Windows\system32\winlogon.exe
                      avgui ID = 3368 Path: C:\Program Files (x86)\AVG\AVG2013\avgui.exe
                      sprtcmd ID = 3948 Path: C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
                      wfcrun32 ID = 5320 Path: C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

                      ==================== REG SCAN ===================================

                      Empthy keys and/or values aren't logged !


                      ==================== SESSION MANAGER ============================

                      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
                      BootExecute = autocheck autochk *


                      ==================== WINLOGON ===================================

                      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

                      Userinit = C:\Windows\system32\userinit.exe,
                      Shell = Explorer.exe


                      ==================== ShellServiceObjectDelayLoad ================

                      HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

                      WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
                      File in HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32\


                      ==================== Shell Extensions\Approved ==================

                      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

                      {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = WebCheck
                      {08165EA0-E946-11CF-9C87-00AA005127ED} = WebCheckWebCrawler
                      File in HKCR\CLSID\{08165EA0-E946-11CF-9C87-00AA005127ED}\InProcServer32\ = C:\Windows\System32\webcheck.dll


                      ==================== Shell Extensions\Approved WOW 6432 =========

                      HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
                      {08165EA0-E946-11CF-9C87-00AA005127ED} = WebCheckWebCrawler
                      {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = WebCheck


                      ==================== SharedTaskScheduler ========================

                      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\



                      File in HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32\ = C:\Windows\system32\explorerframe.dll


                      ==================== RUN KEYS====================================

                      HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
                      HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
                      HKCU\Software\Microsoft\Windows\CurrentVersion\Run

                      ISUSPM Startup = C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                      HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
                      HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
                      HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
                      HKLM\Software\Microsoft\Windows\CurrentVersion\Run

                      IAAnotif = C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
                      MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
                      SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                      SysTrayApp = C:\Program Files\IDT\WDM\sttray64.exe

                      HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run


                      Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                      APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                      AVG_UI = "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
                      beid = "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
                      ConnectionCenter = "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
                      Dell Webcam Central = "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
                      DellSupportCenter = "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
                      Desktop Disc Tool = "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
                      HTC Sync Loader = "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
                      ISUSScheduler = "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
                      PDVDDXSrv = "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
                      pnusbclitray = pnusbclitray.exe
                      SSBkgdUpdate = "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
                      StartCCC = "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunHKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
                      HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce


                      ==================== vVv Krepper Trojan Pointers vVv ============

                      HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run


                      ==================== RUN SERVICES ===============================

                      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
                      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
                      HKU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
                      HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                      HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                      HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


                      ==================== Shell Folder ===============================

                      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                      Startup = C:\Users\DRTR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

                      HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run


                      ==================== DLL Loaded =================================

                      HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows

                      RequireSignedAppInit_DLLs = 0x00000001
                      ( 0x0 – Load any DLLs. 0x1 – Load only code-signed DLLs.)



                      HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load



                      ==================== ShellExecuteHooks ==========================

                      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks


                      ==================== Command Processor ==========================

                      HKLM\Software\Microsoft\Command Processor
                      HKCU\Software\Microsoft\Command Processor


                      ==================== BROWSER HELPER OBJECTS =====================

                      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

                      {9030D464-4C02-4ABF-8ECC-5164760863C6} = Windows Live ID Sign-in Helper
                      AppID = {062C56BD-B2FF-4405-88D9-93154F27D785}
                      File in HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InProcServer32\
                      = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      --------------------------------------------------------------------
                      {DBC80044-A445-435b-BC74-9C25C1C588A9} = Java(tm) Plug-In 2 SSV Helper
                      File in HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32\
                      = C:\Program Files\Java\jre6\bin\jp2ssv.dll
                      --------------------------------------------------------------------

                      ==================== BHO - CLSID Wow6432Node ====================

                      HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects

                      {18DF081C-E8AD-4283-A596-FA578C2EBDC3} = Adobe PDF Link Helper
                      AppID = {77AB4812-5411-4EA9-8437-77AD0F230302}
                      File in HKCR\Wow6432Node\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InProcServer32\
                      = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

                      --------------------------------------------------------------------
                      {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} = Search Helper
                      File in HKCR\Wow6432Node\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\InProcServer32\
                      = C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

                      --------------------------------------------------------------------
                      {9030D464-4C02-4ABF-8ECC-5164760863C6} = Aanmeldhulp voor Windows Live ID
                      AppID = {062C56BD-B2FF-4405-88D9-93154F27D785}
                      File in HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InProcServer32\
                      = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

                      --------------------------------------------------------------------
                      {DBC80044-A445-435b-BC74-9C25C1C588A9} = Java(tm) Plug-In 2 SSV Helper
                      File in HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32\
                      = C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

                      --------------------------------------------------------------------

                      ==================== TOOLBAR ====================================

                      HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

                      # Not exist #


                      ==================== TOOLBAR - Wow6432Node ======================

                      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar


                      ==================== URL SEARCH HOOKS ===========================

                      HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks

                      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks

                      HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks


                      ==================== SAFE BOOT ==================================

                      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

                      AlternateShell = cmd.exe
                      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

                      {533C5B84-EC70-11D2-9505-00C04F79DEAF}
                      = Volume shadow copy{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
                      = IEEE 1394 Bus host controllers{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
                      = SBP2 IEEE 1394 Devices{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}
                      = SecurityDevices

                      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

                      {50DD5230-BA8A-11D1-BF5D-0000F805F530}
                      = Smart card readers{533C5B84-EC70-11D2-9505-00C04F79DEAF}
                      = Volume shadow copy{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
                      = IEEE 1394 Bus host controllers{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
                      = SBP2 IEEE 1394 Devices{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}
                      = SecurityDevicesDnsCache
                      = ServiceWudfPf
                      = DriverWudfRd
                      = DriverWudfSvc
                      = ServiceWudfUsbccidDriver
                      = Driver

                      ==================== DESKTOP ====================================

                      HKCU\Control Panel\Desktop

                      ScreenSaveActive = 1
                      HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE

                      ==================== SECURITYPROVIDERS ==========================

                      HKLM\system\currentcontrolset\control\securityproviders

                      SecurityProviders = credssp.dll
                      File in C:\Windows\System32\credssp.dll 22016 bytes [ 7/06/2011 12:30:10 ]

                      ==================== SERVICES ===================================

                      Service without a value in ImagePath or 'svchost.exe -k' aren't logged !

                      HKLM\SYSTEM\CurrentControlSet\Services

                      *** Win32OwnProcess ***

                      R2 - AdobeARMservice - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
                      S3 - AdobeFlashPlayerUpdateSvc - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
                      S3 - ALG - Application Layer Gateway Service - C:\Windows\System32\alg.exe
                      R2 - AMD External Events Utility - AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
                      R2 - Apple Mobile Device - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
                      R2 - AVGIDSAgent - AVGIDSAgent - "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe"
                      R2 - avgwd - AVG WatchDog - "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe"
                      R2 - Bonjour Service - Bonjour-service - "C:\Program Files\Bonjour\mDNSResponder.exe"
                      S4 - clr_optimization_v2.0.50727_32 - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
                      S4 - clr_optimization_v2.0.50727_64 - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
                      S2 - clr_optimization_v4.0.30319_32 - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
                      S2 - clr_optimization_v4.0.30319_64 - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                      S3 - COMSysApp - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
                      R2 - DockLoginService - Dock Login Service - C:\Program Files\Dell\DellDock\DockLogin.exe
                      S3 - ehRecvr - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
                      S3 - ehSched - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
                      S3 - Fax - Fax - C:\Windows\system32\fxssvc.exe
                      S3 - FontCache3.0.0.0 - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
                      S2 - gupdate - Google Updateservice (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
                      S3 - gupdatem - Google Update-service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
                      R2 - IAANTMON - Intel(R) Matrix Storage Event Monitor - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
                      S3 - iPod Service - iPod-service - "C:\Program Files\iPod\bin\iPodService.exe"
                      S3 - MSDTC - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
                      R3 - msiserver - Windows Installer - C:\Windows\system32\msiexec.exe /V
                      R2 - O2FLASH - O2FLASH - C:\Windows\system32\DRIVERS\o2flash.exe
                      S3 - odserv - Microsoft Office Diagnostics Service - "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
                      S3 - ose - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
                      R2 - PassThru Service - Internet Pass-Through Service - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
                      S3 - PerfHost - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
                      S2 - pnusbvirtualhubwssrv - Quest USB Hub Client Service - C:\Windows\system32\pnusbvirtualhubwssrv.exe
                      S3 - RpcLocator - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
                      R2 - SeaPort - SeaPort - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
                      S3 - SNMPTRAP - SNMP Trap - C:\Windows\System32\snmptrap.exe
                      S2 - sppsvc - Software Protection - C:\Windows\system32\sppsvc.exe
                      S2 - STacSV - Audio Service - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
                      S3 - TrustedInstaller - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
                      R2 - TuneUp.UtilitiesSvc - AVG PC TuneUp Service - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe"
                      S3 - vds - Virtual Disk - C:\Windows\System32\vds.exe
                      S3 - VSS - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
                      S3 - WatAdminSvc - Windows Activation Technologies-service - C:\Windows\system32\Wat\WatAdminSvc.exe
                      S3 - wbengine - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
                      R2 - wlidsvc - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
                      S3 - wmiApSrv - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
                      R2 - WMPNetworkSvc - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
                      S2 - WSearch - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding

                      *** Win32ShareProcess ***

                      S3 - EFS - Encrypting File System (EFS) - C:\Windows\System32\lsass.exe
                      S3 - idsvc - Windows CardSpace - "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
                      R3 - KeyIso - CNG Key Isolation - C:\Windows\system32\lsass.exe
                      S3 - Netlogon - Netlogon - C:\Windows\system32\lsass.exe
                      S4 - NetTcpPortSharing - Net.Tcp Port Sharing Service - "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"
                      S3 - ProtectedStorage - Protected Storage - C:\Windows\system32\lsass.exe
                      R2 - SamSs - Security Accounts Manager - C:\Windows\system32\lsass.exe
                      S3 - VaultSvc - Credential Manager - C:\Windows\system32\lsass.exe

                      *** Other ***

                      R0 - Avgmfx64 - AVG Mini-Filter Resident Anti-Virus Shield - \SystemRoot\system32\DRIVERS\avgmfx64.sys
                      R0 - Avgrkx64 - AVG Anti-Rootkit Driver - \SystemRoot\system32\DRIVERS\avgrkx64.sys
                      R3 - bowser - Stuurprogramma voor browserondersteuning - system32\DRIVERS\bowser.sys
                      S4 - cdfs - CD/DVD File System Reader - system32\DRIVERS\cdfs.sys
                      R1 - DfsC - DFS Namespace Client Driver - System32\Drivers\dfsc.sys
                      R0 - FileInfo - File Information FS MiniFilter - \SystemRoot\system32\drivers\fileinfo.sys
                      S3 - Filetrace - Filetrace - system32\drivers\filetrace.sys
                      R0 - FltMgr - FltMgr - \SystemRoot\system32\drivers\fltmgr.sys
                      S3 - FsDepends - File System Dependency Minifilter - System32\drivers\FsDepends.sys
                      R2 - luafv - Virtualisatie van UAC-bestanden - \SystemRoot\system32\drivers\luafv.sys
                      R1 - MpFilter - Microsoft Malware Protection Driver - system32\DRIVERS\MpFilter.sys
                      S3 - MRxDAV - WebDav Client Redirector-stuurprogramma - \SystemRoot\system32\drivers\mrxdav.sys
                      R3 - mrxsmb - Wrapper en engine SMB mini-redirector - system32\DRIVERS\mrxsmb.sys
                      R3 - mrxsmb10 - SMB 1.x mini-redirector - system32\DRIVERS\mrxsmb10.sys
                      R3 - mrxsmb20 - SMB 2.0 mini-redirector - system32\DRIVERS\mrxsmb20.sys
                      R0 - Mup - Mup - \SystemRoot\System32\Drivers\mup.sys
                      R1 - NetBIOS - NetBIOS Interface - system32\DRIVERS\netbios.sys
                      R1 - rdbss - Omgeleid bufferingsubsysteem - system32\DRIVERS\rdbss.sys
                      R2 - Spooler - Print Spooler - C:\Windows\System32\spoolsv.exe
                      R2 - sprtsvc_DellSupportCenter - SupportSoft Sprocket Service (DellSupportCenter) - "C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter
                      R3 - srv - Stuurprogramma Server SMB 1.xxx - System32\DRIVERS\srv.sys
                      R3 - srv2 - Stuurprogramma Server SMB 2.xxx - System32\DRIVERS\srv2.sys
                      R3 - srvnet - srvnet - System32\DRIVERS\srvnet.sys
                      S4 - udfs - udfs - system32\DRIVERS\udfs.sys
                      S3 - UI0Detect - Interactive Services Detection - C:\Windows\system32\UI0Detect.exe
                      S3 - WimFltr - WimFltr - system32\DRIVERS\wimfltr.sys
                      S3 - WIMMount - WIMMount - system32\drivers\wimmount.sys


                      ==================== WOW-CMDLINE ================================

                      HKLM\SYSTEM\CurrentControlSet\Control\WOW
                      cmdline = C:\Windows\system32\ntvdm.exe


                      ==================== SVCHOST (White Listed) ==================

                      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost

                      All ok

                      ==================== WOW-SVCHOST ================================

                      HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost

                      All ok
                      ==================== INTERFACES =================================

                      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

                      {373FF64F-EA13-4CD9-A689-E66C8229A890}
                      ====================*============================================

                      {3EEE8E33-6305-4B7C-A92F-101237FC8F78}
                      ====================*============================================

                      {846ee342-7039-11de-9d20-806e6f6e6963}
                      ====================*============================================

                      {92ABA403-BB04-4854-8D4C-516DA7B4A76B}
                      ====================*============================================


                      ==================== SEARCHSCOPES ===============================

                      HKCU\Software\Microsoft\Internet Explorer\SearchScopes

                      DefaultScope : {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

                      {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
                      URL : http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_nlBE361
                      ====================*============================================

                      {A5E186A6-011D-4D95-87B4-F77D2FA9F303}
                      URL :
                      ====================*============================================


                      HKLM\Software\Microsoft\Internet Explorer\SearchScopes

                      DefaultScope :

                      {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                      URL :
                      --------------------------------------------------------------------
                      {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
                      URL : http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
                      --------------------------------------------------------------------
                      {D03163B6-1F34-4E2B-A478-C5B67266E198}
                      URL : http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
                      --------------------------------------------------------------------


                      ==================== Job files ==================================

                      There are no .job files found.
                      =================================================================

                      Log finished at 20/07/2013 17:16:33
                      Thanks for using PC Info...

                      ==================== END ========================================



                      • #12
                        Great

                        The following tools, which should be removed, are in your software list:
                        .
                        • AVG PC TuneUp 12.0.4010.19
                        • AVG PC TuneUp Language Pack (nl-NL) 12.0.4010.19
                        • Java(TM) 6 Update 14 (64-bit) 6.0.140
                        • Java(TM) 6 Update 24 6.0.240

                        .
                        You can remove these via "Programs and Features".
                        Select the items and choose Uninstall.

                        Once you have done that, restart your PC.


                        Then download the attached batch file (look.bat) to your desktop.
                        Right-click it, choose Run as administrator, and post the log that appears.


                        Note: I read that the last update installed on this PC dates from 2011?
                        Update installed : 2011-10-04 14:46:52
                        In that case the problem has been present for quite some time.
                        Last edited by Emphyrio; 20-07-13, 16:49.
                        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                        E Dev * Remove McAfee. * Ccleaner * E-Peek



                        • #13
                          Dear Emphyrio,

                          Below you will find the requested log file.
                          This laptop was virtually unprotected for a number of years - presumably the cause of all the trouble.

                          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc
                          DisplayName REG_SZ @%SystemRoot%\system32\cryptsvc.dll,-1001
                          ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k NetworkService
                          Description REG_SZ @%SystemRoot%\system32\cryptsvc.dll,-1002
                          ObjectName REG_SZ NT Authority\NetworkService
                          ErrorControl REG_DWORD 0x1
                          Start REG_DWORD 0x2
                          Type REG_DWORD 0x20
                          DependOnService REG_MULTI_SZ RpcSs
                          ServiceSidType REG_DWORD 0x1
                          RequiredPrivileges REG_MULTI_SZ SeChangeNotifyPrivilege\0SeCreateGlobalPrivilege\0SeImpersonatePrivilege
                          FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000

                          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters
                          ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\cryptsvc.dll
                          ServiceMain REG_SZ CryptServiceMain
                          ServiceDllUnloadOnStop REG_DWORD 0x1

                          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security
                          Security REG_BINARY 00000E0001


                          present


                          Regards, Leifoet



                          • #14
                            OK, that of course explains a thing or two.
                            .
                            1. Create a new folder on your desktop.
                            2. Download Complete Internet Repair x64
                              and save it in the newly created folder.
                            3. Extract all files.
                            4. Open CIntRep
                            5. Right-click -> Run as administrator.
                            6. The program starts; select the checkboxes below:
                            7. [
                            8. Press Go.

                            At the bottom you will find a log file. Post it.
                            Also let me know whether a repair took place,
                            Last edited by Emphyrio; 20-07-13, 17:55.



                            • #15
                              Dear Emphyrio,

                              I ran CIntRep64 (= the right one?) - the log file is, in my opinion, hard to 'capture' - I can't copy it completely, or am I doing something wrong? Rebooted - tried once more to copy the log file ....

                              --> Restoring the default Windows HOSTS file, Please wait.....
                              --> Writing data to the HOSTS file.....
                              --> HOSTS file created successfully.
                              --> You will need to reboot your computer before the settings will take effect.
                              --> Reboot Canceled.

                              Updating does not work (yet) - I still get the message that Windows Securities does not work because of illegal software.

                              Regards, Leifoet
                              Last edited by leifoet; 20-07-13, 17:49.
